Posted
by
samzenpus
on Monday September 01, 2014 @12:55PM
from the gates-are-open dept.

swinferno writes with news about the leak of hundreds of private celebrity photos over the weekend. Hundreds of revealing pictures of female celebrities were leaked overnight after being stolen from their private collections. Hunger Games actress Jennifer Lawrence, Kirsten Dunst, and pop star Ariana Grande were among the celebrities apparently shown in the pictures, which were posted on infamous web forum 4chan. It's unclear how the images were obtained, but anonymous 4chan users said that they were taken from celebrities' iCloud accounts. The accounts are designed to allow iPhone, iPad, and Mac users to synchronize images, settings, calendar information, and other data between devices, but the service has been criticized for being unreliable and confusing. Earlier this year, Jennifer Lawrence herself complained about the service in an interview with MTV.

I worked for Apple for 9 years. I would never use iCloud for anything I needed to keep private.

Apple's own culture of secrecy works against them. You don't discuss what you are doing outside your immediate team. This means that you often don't know enough about what you are doing to understand where your code will be used. You are working from a design (or an API) specified by another team and you have to assume they have the complete picture. If they don't specify brute force protection for your code you must assume that they have a reason or they are using some other method.

The internal secrecy also results in multiple implementations of the same function, because each team knows its own code and doesn't see what others have already implemented or are working on. No doubt somebody in the organization thinks that the internal secrecy is worth the cost.

Wow. If it turns out to be true, it's yet another testament to how difficult it is to be truly anonymous online these days. But not because of standard technical things like using proxies, etc, it's simply because there's so much info out there in social media and Google to provide clues. One mistake or oversight and you're pretty much exposed.

What it comes down to is, if you don't want naked pictures of yourself to end up for all the world to see, don't take naked pictures of yourself. Famous or not, just don't do it.

No. What it comes down to is who, and what, are trustworthy. Cloud services are not trustworthy. Some people are not trustworthy. This doesn't just apply to images; it applies to financial information (banks are not trustworthy), to your behavior in public (those other people at parties are not trustworthy) and so on.

There's no need to give up intimate entertainment. You just need to learn to be discrete, and this means very carefully evaluating who, and what, are trustworthy. I will grant that in the face of all the cloud propaganda, the social networking tsunami, the government's drive to list everyone and everything, and people's innate tendency to gossip, this may no longer be obvious, but discretion is, in fact, one of the key characteristics of a mature and healthy personality.

If you don't want something repeated, don't say it. If you don't want it shared, don't share it. But you can still do it. From there, the advisability of "doing it" becomes a question of one's morals and ethics -- and perhaps the law. While the law is often completely wrongheaded, we must always remember the amount of power in the system's hands.

Discretion: That's what is at the core of all of this. Not self-censorship.

> If you cannot even trust the platform, then how does your logic work?

The logic works fine. Platforms can work fine too. Society, however, doesn't. So that part is up to you.

> Can't trust cell phone cameras. By definition it's a camera attached to a communications device. It's designed to share that photo.

Exactly right. Buy a DSLR if you require discretion in photography. Ensure it does not have network connectivity (some do... Canon 6D, for instance.) If you take an image with a cellphone camera, be aware before you ever shoot it that you can have no reasonable expectation of privacy whatsoever. It goes further than that, too. When using a smartphone, again be aware you have no reasonable expectation of privacy whatsoever with regard to texts, voice conversations, video conversations, email, your location, billing, logging and so one for every service the phone provides you (or others) with.

> Can't trust storing it on a PC as PCs are connected to the Internet in the overwhelming majority of instances.

No. If you want to store something that requires discretion, then you require a non-network connected PC. There's no inherent need to connect a PC to a network. Just because you can, doesn't mean you have to. Nor is there a need to construct a PC with bluetooth, wifi and so on. Nor is there a need to leave a PC in a generally accessible location and/or condition. These are all user choices. Make them wrongly, and your security is compromised. But they are not inevitabilities. There's a lesson here: just because others do something in some particular manner does not mean that you have to do so.

> Then there's the whole point of a picture, looking it at it. Typically that means more than just the picture-taker looking at it

Again, no. This is also user choice. You are responsible for the consequences of your choices, and for knowing the things you need to know to make those choices well. The key here is to be informed enough to make the most correct choices. "It's typical" is not a metric that binds anyone in any way. If you embrace such a thing, you either choose to do so or you are so ignorant that you know no better, in which case anyone who trusts you with data that requires discretion is making a serious mistake.

The images I have taken or otherwise created that I have *decided* you may see are here [flickr.com]. The ones I have *decided* you may not have access to, you will never, ever see, barring use of military levels of force. These conditions were quite literally trivial to instantiate and maintain. Think, choose, easy implementation, all done.

> For all we know, none of these women's accounts were compromised. Their boyfriends, husbands, ex-boyfriends, ex-husbands, girlfriends, ex-girlfriends accounts could have been, or those people could have shared the photos with others, and their accounts were compromised.

The issue isn't account centric. It is behavior centric. You must identify data that needs protection; you must identify the trustworthy in regard to both persons and systems; you must control distribution; you must employ discretion and ensure that your knowledge is up to the task of seeing all these things through. If you cannot do these things, you are (at the very least) a potential victim of your own limitations. And you should probably fix that.:)